RE: proxy a single attribute

["Howard Chu" <hyc@highlandsun.com>]

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Brian Jones

> Hi,
>
> I'm just getting into some of the 'back ldap' functionality,
> but my brain is
> a little fried, and I think I've misunderstood one or two
> fundamental things
> about it.

> I currently am set up so that if you search *my* test LDAP
> server, but set
> your base to 'ou=proxy, dc=their,dc=server', you'll actually
> be searching a
> completely different server.

This is the way back-ldap is intended to be used.

> However, what I really *want*
> to do when I go
> into production is simply proxy requests for certain
> attributes, getting the
> rest from the local server.

We've explored this on the -devel list. OpenLDAP doesn't do this.

> Is there no way to do something like this in my LDIF:
>
> dn: cn=jonesy, dc=mydomain,dc=org
> objectclass:..
> ....
> physicalDeliveryOfficeName: ldap://other.dapserver.org/ldapquerystringhere

No. The content of this attribute is just a Directory String, there is no way
to store a value here that will be interpreted as a special pointer to
something else.

> My feeling is that this will be disgustingly slow, but it
> would make some
> other things easier (which aren't really dependent on speed).
> Is there a way
> to get the same effect somehow?

You can do all kinds of manipulations using back-perl, as one example. You
might consider just adding a labeledURI attribute to the entry and having
your application chase that itself.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support